CVE-2013-0254
Published: 6 February 2013
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
Notes
Author | Note |
---|---|
seth-arnold | "forthcoming 4.8.5, and the 4.7.6 [releases]" |
Priority
Status
Package | Release | Status |
---|---|---|
qt4-x11 | hardy | Ignored (end of life) |
qt4-x11 | lucid | Released (4:4.6.2-0ubuntu5.6) |
qt4-x11 | oneiric | Released (4:4.7.4-0ubuntu8.3) |
qt4-x11 | precise | Released (4:4.8.1-0ubuntu4.4) |
qt4-x11 | quantal | Released (4:4.8.3+dfsg-0ubuntu3.1) |
qt4-x11 | upstream | Needed |

Patches:

upstream: http://qt.gitorious.org/qt/qt/commit/20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c

upstream: http://qt.gitorious.org/qt/qt/commit/57756e72adf2081137b97f0e689dd16c770d10b1